Fedora has issued an advisory today (July 25): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/B4CJSHXBD2RS5OJNWSHQZVMTQCCTIPYS/ Mageia 8 is also affected.
Status comment: (none) => Patch available from FedoraWhiteboard: (none) => MGA8TOO
Another update for a quiet and parentless SRPM, so assigning globally.
Assignee: bugsquad => pkg-bugs
Updated packages built for cauldron and Mageia 8 Advisory: ======================== Updated giflib package fixes security vulnerability: It was discovered that giflib 5.2.1 (including mingw-giflib which has giflib 5.2.1 bundled) contained a heap-buffer-overflow in function DumpScreen2RGB() (CVE-2022-28506). References: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/B4CJSHXBD2RS5OJNWSHQZVMTQCCTIPYS/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28506 https://sourceforge.net/p/giflib/bugs/159/ ======================== Updated packages in core/updates_testing: ======================== giflib-progs-5.2.1-5.1.mga8 lib64gif7-5.2.1-5.1.mga8 lib64gif-devel-5.2.1-5.1.mga8 from giflib-5.2.1-5.1.mga8.src.rpm mingw32-giflib-5.2.1-2.1.mga8.noarch.rpm mingw32-giflib-static-5.2.1-2.1.mga8.noarch.rpm mingw32-giflib-tools-5.2.1-2.1.mga8.noarch.rpm mingw64-giflib-5.2.1-2.1.mga8.noarch.rpm mingw64-giflib-static-5.2.1-2.1.mga8.noarch.rpm mingw64-giflib-tools-5.2.1-2.1.mga8.noarch.rpm from mingw-giflib-5.2.1-2.1.mga8.src.rpm Possible testing help: https://bugs.mageia.org/show_bug.cgi?id=24378#c3
Keywords: (none) => has_procedureCC: (none) => mhrambo3501Whiteboard: MGA8TOO => (none)Version: Cauldron => 8Assignee: pkg-bugs => qa-bugsStatus comment: Patch available from Fedora => (none)
MGA8-64 Plasma on Acer Aspire 5253 No installation issues Following lead in Comment 2 $ giftool -f "%v\n%w x %h\n" < riet.gif GIF87a 1770 x 1253 [tester8@mach7 Pictures]$ giftext -c < riet.gif Stdin: Screen Size - Width = 1770, Height = 1253. ColorResolution = 8, BitsPerPixel = 8, BackGround = 0, Aspect = 0. Has Global Color Map. Global Color Map: Sort Flag: off 0: 27h 27h 28h 1: 30h 28h 20h 2: 30h 20h 30h 3: 30h 20h 26h 4: 30h 30h 28h 5: 28h 30h 2fh 6: 28h 28h 30h 7: 38h 27h 27h 8: 38h 30h 28h 9: 38h 38h 28h 10: 38h 28h 30h 11: 30h 38h 30h etc... and at the end: Image #1: Image Size - Left = 0, Top = 0, Width = 1770, Height = 1253. Image is Non Interlaced. No Image Color Map. GIF file terminated normally. $ gifclrmp -s < riet.gif > colourmap.txt $ cat colourmap.txt 0 39 39 40 1 48 40 32 2 48 32 48 3 48 32 38 4 48 48 40 5 40 48 47 etc.... $ gifclrmp -g 2.2 <riet.gif > colourmap Generates image with brighter tones [tester8@mach7 Pictures]$ file colourmap colourmap: GIF image data, version 87a, 1770 x 1253 [tester8@mach7 Pictures]$ gifecho -c 244 161 174 -t "Good morning QA" > greeting.gif bash: gifecho: command not found Checked in MCC, command is not included, no further comments. [tester8@mach7 Pictures]$ gif2rgb -c 8 -o rgbtest riet.gif Generates 3 binary files Resullts similar enough to refered bug 24378, giving OK.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA8-64-OK
Validating. Advisory in Comment 2.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0275.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED